Shopping Cart

No products in the cart.

Quality Clouds Community
Quality Clouds Community

Configure For Non-Admin User

3 min read

If you have decided to not use a read-only admin user to configure your ServiceNow instance, you will need to ensure that Quality Clouds has access to all the code and configuration tables required by setting up individual Access Control Lists on them. You can do so manually, working from the list of tables provided on this list, which is quite time consuming.

Or you can apply an Update Set provided by Quality Clouds. This Update Set will make the following changes in your instance:

  1. Create the qc_access role
  2. Assign the following roles to the qc_access role
    1. business_rule_admin
    2. catalog_admin
    3. client_script_admin
    4. data_policy_admin
    5. form_admin
    6. import_admin
    7. personalize_styles
    8. script_include_admin
    9. sn_change_write
    10. sp_admin
    11. ui_action_admin
    12. ui_policy_admin
    13. ui_script_admin
    14. web_service_admin
    15. workflow_admin
    16. sn_appclient.app_client_user (since version 24.8.0 – to enable Application Scans from Quality Clouds Portal)
  3. Create read-only ACLs for the qc_access role to those tables which have ACLs restricting access to admin only, which are:
    1. sys_app_cateogry
    2. sys_dictionary_override
    3. sys_data_policy2
    4. sys_script_email
    5. sys_script_pattern
    6. sys_security_acl
    7. sysevent_script_action
    8. sysevent_in_email_action
    9. syslog_transaction
    10. wf_workflow_version
    11. v_index_creator (since version 22.1.1.0)
    12. sys_user.roles (since version 22.2.1.0 – only to roles column)
    13. scheduled_import_set
    14. sysauto_bm_script
    15. sysauto_pa
    16. sysauto_query_builder
    17. sysauto_scripts
    18. sysauto_summary_generator
    19. sysauto_report
    20. sysauto_template
    21. sysauto_custom_chart
    22. sys_update_set (since version 24.8.0 – to enable Update Set Scans from Quality Clouds Portal)
    23. sys_app (since version 24.8.0 – to enable Update Set Scans from Quality Clouds Portal)
    24. sys_db_object

Important

Please consider that if you have ACLs in place which could conflict with the ones included in these Update Sets, you will need to resolve these conflicts manually.

Role Change from version 22.1.1.0

If you were using a non-admin user Update Set before version 22.1.1.0, you will need to re-assign the role qc_access to the user configured to run the full scans. The older role (qc_access_role) which relied exclusively on ACLs is no longer used. 

#

Download version 24.11.0.0 #

Quality Clouds Non Admin Configuration v 24.11.0.0.xml

From the version 24.11.0.0 Update Set LiveCheck retrieves contents of the Update Set directly from the Update Set contents table.

Pre-requisites: Either have a user with the admin profile configured to run full scans, OR, if a non-admin user is configured to run full scans, apply the new non-admin access Update Set.

Before this change, the Update Set LiveCheck process was retrieving the contents of an Update Set from the versions table. This was because no further configuration was required to access that table with the user which runs the full scans.

In almost all cases, accessing the versions table (sys_update_version) is equivalent to directly accessing the table which holds the contents of each update set (sys_update_xml). However, when the sys_update_xml table is manipulated directly, or when a scoped application is exported to an Update Set, the contents of these tables will not match, and so the Update Set LiveCheck process was returning unexpected results.

In order to fix these issues, the Update Set LiveCheck will now try to access sys_update_xml directly. In order for this query to be successful, either the user configured to run the full scan must have the admin role, or the new version of the Update Set to configure permissions to run full scans with a non-admin user must be applied. The new version of this Update Set contains ACLs which grant read-only access to the the sys_update_xml table for the qc_access role.

Note that if the non-admin configuration Update Set is not applied, the behaviour will default to the current one (i.e. LiveCheck will still extract the contents of an Update Set from sys_update_version), which will generate correct results in most (but not all) cases. In this case, Update Set LiveChecks will now complete with a Warning status.

Update Sets for Operational Scans #

The below update sets are required to enable access to the data fields which are used to monitor the operational behaviour of a productive ServiceNow instance. They are only required if the Quality Clouds Operational Scans product (aka admin bot) has been purchased. The update set for operational scans requires the base update set to be installed before it is applied.

This update set grants read only access to the following tables:

  • cmn_department
  • sys_user – only to the fields user_name, active, last_login
  • sys_user_role – via the role usage_admin
  • sys_user_has_role
Quality Clouds Release VersionRelease DateFull Configuration Update SetIncremental Update Set (from previous release)
22.2.1.0April 29th, 2020sys_remote_update_set_Quality_Clouds_Operational.xml
N/A
Updated on March 21, 2025
Table of contents
Was it helpful ?

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups

Please allow a few minutes for this process to complete.

Report

You have already reported this .